Privacy Policy

Scope

This Policy applies to "Personal Data," meaning information that identifies, relates to, or can reasonably be linked to a specific natural person. It covers your interactions with our website at bricehillconsulting.com (the "Site"), your engagement with us for consulting or advisory services, your access to client portals or monitoring tools we provide, and any communications you send us by email, phone, or in person. For corporate clients, we may process Personal Data as a Data Controller (for our own business purposes) and as a Data Processor (on your behalf, subject to a separately executed Data Processing Agreement).

Collection of Personal Data

Information you provide directly. When you contact us, engage our services, or interact with our Site, you may provide identity and contact information (name, title, email, phone, mailing address, company), account credentials, contractual and business documents (signed agreements, statements of work, billing details), technical materials (architecture documents, network diagrams, hardware inventories), and any communications or inquiries you send to us.

Information collected automatically. When you visit our Site, we may collect usage data including IP addresses, browser type, operating system, pages visited, referring URLs, and session duration. Where we deploy or manage infrastructure on your behalf, we may also collect infrastructure telemetry — performance metrics, uptime data, error logs, and system health data — solely for operational and safety purposes.

Information from third parties. We may receive information from business intelligence sources, identity verification providers, and authorized sub-contractors involved in co-delivering services to you. Where you provide us information about any other person, you are responsible for ensuring that person understands how their information will be used and has consented to its disclosure.

How We Use Personal Data

Service delivery. We use Personal Data to design, deploy, and manage AI systems and technology infrastructure per your specifications; to provide consulting advice, project management, and technical support; to communicate project status and deliverables; and to issue invoices and process payments.

Safety, security, and compliance. We use Personal Data to monitor infrastructure health and prevent outages and security incidents; to detect fraud or unauthorized access; and to meet our legal and contractual obligations.

Service improvement. We analyze usage patterns to enhance our platforms and service quality. We may conduct internal research on AI infrastructure methodologies using aggregated, anonymized data only. We do not use client confidential content to train general-purpose models offered to other customers without your explicit written consent.

Marketing and business development. Where you have opted in, we may send newsletters, thought leadership content, and event information. You may withdraw consent at any time by contacting us at legal@bricehillconsulting.com or using the unsubscribe link in any email we send.

AI Systems and Automated Processing

Where we deploy or operate AI systems on your behalf, additional data handling obligations apply under the Data Processing Agreement incorporated into your Master Services Agreement. We retain AI-generated outputs for the period specified in your service agreement. We do not use your clients' Personal Data to train general-purpose models available to other customers. Physical infrastructure data is processed solely for operational and safety purposes.

Cookies

We use essential cookies required for site function, functional cookies that remember your preferences, and analytics cookies (Google Analytics with IP anonymization enabled). We do not deploy advertising or cross-site tracking cookies on our properties. You may adjust cookie preferences through your browser settings at any time.

Sharing and Disclosure

We do not sell Personal Data. We may share Personal Data with service providers and sub-processors who are bound by data protection obligations equivalent to those described in this Policy; with successors in connection with a merger, acquisition, or sale of business assets, subject to confidentiality undertakings; with courts, regulators, or law enforcement as required by applicable law or legal process; and in aggregated, de-identified form that cannot reasonably identify you. All third-party recipients are limited to the minimum Personal Data necessary for the purpose of the disclosure.

International Transfers

Where Personal Data is transferred outside your home jurisdiction, we ensure appropriate safeguards are in place — including Standard Contractual Clauses or other lawful mechanisms recognized under applicable data protection law — to ensure your Personal Data receives a level of protection comparable to that in the jurisdiction where it was collected.

Security

We implement administrative, physical, and technical measures to protect your Personal Data against unauthorized access, modification, or disclosure. These include encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, multi-factor authentication, regular penetration testing, physical security at colocation facilities, and breach notification procedures consistent with applicable law. No method of electronic transmission is completely secure; any transmission is at your own risk, and we are not responsible for the security of information you transmit over networks we do not control.

Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory requirements (commonly five to seven years for financial records), and resolve disputes. Infrastructure logs and telemetry are retained per the schedule agreed in your service agreement. When Personal Data is no longer required, it is securely deleted or anonymized.

Your Privacy Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, or port your Personal Data, to object to certain processing, and to withdraw consent where processing is based on consent. We will not discriminate against you for exercising any privacy right. To submit a request, contact us at legal@bricehillconsulting.com. We will respond within the timeframe required by applicable law, generally within thirty (30) days. If you are located in the EEA or UK and believe your request has not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If you believe a child has submitted Personal Data to us, please contact us immediately at legal@bricehillconsulting.com and we will take steps to delete it promptly.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or applicable law. When we do, we will post the updated Policy on our Site with a revised effective date. Where changes are material, we will provide appropriate notice — including by email where required — at least thirty (30) days before the changes take effect. Your continued use of the Site or our services after that date constitutes acceptance of the updated Policy.

Contact Us

For questions, feedback, or to exercise your privacy rights, please contact our Privacy team at legal@bricehillconsulting.com or by mail at BriceHill Consulting, 203 Corby Road, #47, Kelton, PA 19346-9998.